Should Ransomware Payments Should Be Illegal? Experts Weigh In

BACKGROUND:

More than three-quarters of security professionals and consumers alike believe that making ransomware payments to cyber criminals should be made illegal to stem to tide of attacks, shows research from MSSP Talion and the Research Institute for Sociotechnical Cyber Security (Riscs). The study, commissioned to support the launch of a cyber campaign collective dubbed #Ransomaware, also claimed that 81% of security pros believe sharing information about ransomware is the key to building better defences.

Experts Comments

June 28, 2021
Jake Moore
Cybersecurity Specialist
ESET

Making ransomware payments illegal may halt the money being siphoned into criminal networks, but a secondary level of disruption would be inevitable – and potentially even more catastrophic. Although over time ransomware could possibly be eradicated, the level of immediate upheaval, damage and data loss could be larger than in the current state of play, so this must be considered carefully before any new rules are set. Forcing companies not to pay could force them into a space where

.....Read More

Making ransomware payments illegal may halt the money being siphoned into criminal networks, but a secondary level of disruption would be inevitable – and potentially even more catastrophic. Although over time ransomware could possibly be eradicated, the level of immediate upheaval, damage and data loss could be larger than in the current state of play, so this must be considered carefully before any new rules are set. Forcing companies not to pay could force them into a space where rebuilding their entire business may not be viable or even possible. Companies don’t want to pay their attackers, but they are stuck choosing the least bad outcome, the choice that will damage them the slightest. When presented with a timescale and cost analysis of potential outcomes, it is clear why some still choose to pay. This choice may seem unethical, but it is rarely taken lightly. This latest proposal will take the difficult decision out of companies’ hands, but before anything drastic is set into law, it is vital that organisations are allowed time to further protect their assets and take robust measures to protect their backup and restore functions.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.